Reflections on 100k - Graham Sutherland's Blog

I just hit 100,000 reputation on Information Security StackExchange! 🎉

I thought this would be a good moment to talk about why StackExchange is so important to me, and what my journey into security looked like. The story starts way back in 2012, before I worked in infosec. Back then I was a few months out of university, having studied for a computing degree (basically compsi + dev management), working my first job as an entry-level developer. I had already been interested in security for over a decade by then, but I had no idea it was a career path. I knew about StackOverflow - who didn’t? - and later discovered that they had a whole host of sister-sites for other topics.

Within no time I was hooked. The gamification of reputation points and badges were a nice distraction, but more than anything I really enjoyed answering questions. From around July 2012 to January 2013 I was consistently answering around 50% of questions submitted to the site every day, which shot me up to around 20,000 reputation. Want to know a dirty little secret? I didn’t know the answers.

See, back then I had no formal education in security. I had learned some things through experimentation - mostly messing around with computers and writing bad code - but I’d never really been taught any fundamentals. I’d picked up a few tricks from websites that taught you how to hack or how exploits worked. I’d played HackThisSite and been to all the usual questionable places. So, in the early days of answering questions on Security StackExchange, the best I had was a little background understanding and my ability to Google. It turns out that this is a fantastic way to learn. In university you’re being introduced to a new concept or idea every few days. In a job you’re perhaps working on a new challenge every week or so. On StackExchange I was getting my teeth into at least ten security concepts a day, both new and old. It built my level of understanding up in no time.

One thing that I hadn’t appreciated at the time is that it was teaching me how to communicate effectively. Back in my school days I never really engaged with long-form writing - partly because it was boring, and partly because my English teachers were about as engaging as wet mud (hey look, a simile! nobody cares, Owen). Writing answers on StackExchange meant that I had to distill a topic down concisely and quickly in a way that almost anyone can understand. Practice makes perfect, and I was getting a lot of practice.

At the start of 2013 I had grown disenfranchised by development - day-in-day-out bugfixing on an ERP product comprised of five million lines of procedural Delphi takes its toll - and I decided to make the career move to infosec. Twitter was instrumental in this, ultimately landing me a successful interview within a couple of weeks, but I think that my StackExchange profile was a key way that I was able to display my technical knowledge and communications capabilities to employers.

I’ve since met a bunch of folks from Security StackExchange, and had the privilege of speaking at a few of the same conferences as them. In fact I think I still have a Sec.SE t-shirt somewhere.

These days I find myself posting much less than I used to. You know how it is - life gets in the way. But it’s still nice to come back now and again and answer some questions, and to give back to the site and community that helped me learn so much. In fact, while the 100k reputation is a nice milestone, I think my favourite statistic is this one: